U.S. patent application number 13/971352 was filed with the patent office on 2014-02-27 for wireless communication apparatus, recording medium, and method.
The applicant listed for this patent is Yoshikazu AZUMA. Invention is credited to Yoshikazu AZUMA.
Application Number | 20140059643 13/971352 |
Document ID | / |
Family ID | 50149229 |
Filed Date | 2014-02-27 |
United States Patent
Application |
20140059643 |
Kind Code |
A1 |
AZUMA; Yoshikazu |
February 27, 2014 |
WIRELESS COMMUNICATION APPARATUS, RECORDING MEDIUM, AND METHOD
Abstract
A wireless communication apparatus includes an optical wireless
receiving unit receiving a pseudo random number; an authentication
code generator generating an authentication code based on the
pseudo random number received by the optical wireless receiving
unit; and a wireless communication unit determining whether
authentication using the authentication code with a given wireless
communication apparatus is successful, and performing wireless
communications with the given wireless communication apparatus when
determining that the authentication using the authentication code
with a given wireless communication apparatus is successful.
Inventors: |
AZUMA; Yoshikazu; (Tokyo,
JP) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
AZUMA; Yoshikazu |
Tokyo |
|
JP |
|
|
Family ID: |
50149229 |
Appl. No.: |
13/971352 |
Filed: |
August 20, 2013 |
Current U.S.
Class: |
726/2 |
Current CPC
Class: |
H04W 12/06 20130101;
H04W 12/00522 20190101 |
Class at
Publication: |
726/2 |
International
Class: |
H04W 12/06 20060101
H04W012/06 |
Foreign Application Data
Date |
Code |
Application Number |
Aug 21, 2012 |
JP |
2012-182026 |
Claims
1. A wireless communication apparatus, comprising: an optical
wireless receiving unit configured to receive a pseudo random
number; an authentication code generator configured to generate an
authentication code based on the pseudo random number received by
the optical wireless receiving unit; and a wireless communication
unit configured to determine whether authentication using the
authentication code with a given wireless communication apparatus
is successful, and perform wireless communications with the given
wireless communication apparatus when determining that the
authentication using the authentication code with a given wireless
communication apparatus is successful.
2. The wireless communication apparatus according to claim 1,
wherein the wireless communication unit is configured to determine
whether the given wireless communication apparatus has a function
to generate the authentication code, and perform the authentication
using the authentication code with the given wireless communication
apparatus when determining that the given wireless communication
apparatus has the function to generate the authentication code.
3. The wireless communication apparatus according to claim 2,
further comprising: a storage configured to store a fixed code,
wherein the wireless communication unit is configured to perform
the authentication using the fixed code with the given wireless
communication apparatus when determining that the given wireless
communication apparatus does not have the function to generate the
authentication code.
4. The wireless communication apparatus according to claim 1,
further comprising: an input unit configured to accept input from a
user; and a detection unit configured to detect the input by the
input unit, wherein the wireless communication unit is configured
to perform the wireless communications with the given wireless
communication apparatus when determining that the authentication
using the authentication code with the given wireless communication
apparatus is successful in response to the detection of the input
by the input unit by the detection unit.
5. The wireless communication apparatus according to claim 1,
wherein the input unit is a button that is pressed down by a
user.
6. The wireless communication apparatus according to claim 1,
wherein the optical wireless receiving unit includes first and
second light receiving sections having different directivities, and
wherein the authentication code generator is configured to generate
the authentication code based on different pseudo random numbers
received by the first and second light receiving sections.
7. The wireless communication apparatus according to claim 1,
wherein the wireless communication unit serves as a registrar.
8. The wireless communication apparatus according to claim 1,
wherein the wireless communication unit serves as an enrollee.
9. A non-transient recording medium for storing a
computer-executable program causing a computer of a wireless
communication apparatus to execute a method comprising the steps
of: receiving a pseudo random number; generating an authentication
code based on the pseudo random number; determining whether
authentication using the authentication code with a given wireless
communication apparatus is successful, and performing wireless
communications with the given wireless communication apparatus when
determining that the authentication using the authentication code
with a given wireless communication apparatus is successful.
10. The non-transient recording medium according to claim 9, the
method further comprising the steps of: determining whether the
given wireless communication apparatus has a function to generate
the authentication code, and performing the authentication using
the authentication code with the given wireless communication
apparatus when determining that the given wireless communication
apparatus has the function to generate the authentication code.
11. The non-transient recording medium according to claim 10, the
method further comprising the steps of: storing a fixed code, and
performing the authentication using the fixed code with the given
wireless communication apparatus when determining that the given
wireless communication apparatus does not have the function to
generate the authentication code.
12. A method of mutually authenticating and establishing a secure
connection between first and second wireless communication
apparatuses, the method comprising the steps of: establishing a
temporary connection between the first and second wireless
communication apparatuses based on a first input to the first
wireless communication apparatus by a user and a second input to
the second wireless communication apparatus by a user within a
predetermined time period starting from the first input, receiving,
by the first and second wireless communication apparatuses where
the temporary connection is established therebetween, a pseudo
random number; generating, by the first and second wireless
communication apparatuses, an authentication code based on the
pseudo random number; determining, by the first and second wireless
communication apparatuses, whether authentication using the
authentication code is successful, and performing wireless
communications between the first and second wireless communication
apparatuses when determining that the authentication using the
authentication code is successful.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] The present application is based on claims the benefit of
priority under 35 U.S.C .sctn.119 of Japanese Patent Application
No. 2012-182026 filed Aug. 21, 2012, the entire contents of which
are hereby incorporated herein by reference.
BACKGROUND OF THE INVENTION
[0002] 1. Field of the Invention
[0003] The present invention relates to a wireless communication
apparatus, a recording medium, and a method.
[0004] 2. Description of the Related Art
[0005] Recently, more and more protocols have been proposed for a
simple setup of wireless LAN connection to reduce its troublesome
installation step. Currently, as such simple setup protocols, two
methods have become popular: one is a PIN method in which a PIN
code, which is known only to (accessible only by) a user having
valid authority, is used for authentication between apparatuses;
and the other is a push-button method.
[0006] Especially, in the push-button method, it is possible to
eliminate troublesome data input, and it is further possible to
easily apply to an electronic device such as a home electrical
appliance having no user interface for data input. Due to these
features, the push-button method if expected to be used in various
applications.
[0007] In this regard, Japanese Laid-open Patent Publication No.
2008-283422 (Patent Document 1) discloses a method in which a
secure connection is established between a printer and a camera
based on a Push Button Configuration protocol of a Wi-Fi Protected
Setup (WPS), the protocol having been standardized by IEEE
802.11.
[0008] In the following, the WPS push button method is briefly
described with reference to FIG. 1. In WPS, a function to provide
configuration data (setting data) necessary for the secure
connection is called a "registrar". Meanwhile, a function to set
communication parameters which are provided from the "registrar" is
called an "enrollee".
[0009] The WPS protocol sequence is divided into three main phases.
In the first phase, a temporary connection (for plain text) is
established between first and second apparatuses, via a probe
request and open authentication, when, after a predetermined time
period (e.g., from several tens of seconds to several minutes) has
passed since a push button of the first apparatus is pressed, a
push button of the second apparatus is pressed.
[0010] Next, in the second phase, the configuration data are shared
which is necessary for the authentication and secure connection
based on an EAP-WSC protocol. In the EAP-WSC protocol, to make it
possible to share an encryption key by using a communication line
on which no security is ensured, a Diffie-Hellman key exchange
(hereinafter simplified as "DH") algorithm is employed.
[0011] After the enrollee and registrar mutually transmit
respective public keys to each other, the enrollee and registrar
generate a passphrase (secret key), which is to be commonly used
between the enrollee and registrar, based on the confidential
information of the enrollee and registrar and the public key
received from the registrar and enrollee, respectively.
[0012] Finally, in the third phase, based on the WPA protocol,
after an encryption key is generated and shared using a
predetermined algorithm based on the passphrase generated in the
second phase, both the enrollee and registrar encrypt respective
communication data using the encryption key (secret key) which is
common between the enrollee and registrar. By doing this, a secure
connection is established.
[0013] However, it is known that "DH", which is used in the second
phase, is vulnerable to a man-in-the-middle attack. To eliminate
this vulnerability, it is necessary to carry out some kind of
mutual authentication between the enrollee and registrar. In this
regard, in the WPS push button method, the authentication
indicating that the other part is valid (correct) is achieved based
on a fact that the push buttons (of the enrollee and registrar) are
pressed within the same time period (i.e., a fact that one party
knows when the other party pushes the button).
[0014] Specifically, in response to the press down of the push
button of the enrollee, the enrollee apparatus transmits a
predetermined authentication code to the other party, and the
registrar apparatus, where the push button of the registrar
apparatus is pressed in the same time period when the push button
of the enrollee apparatus is pressed, compares the authentication
code received from the enrollee apparatus and the authentication
code of the registrar apparatus.
[0015] However, the authentication code used in the push button
method is typically a fixed value. Furthermore, in many cases, the
authentication code is made public (disclosed) in the specification
manual or the like. Therefore, it is not possible to completely
eliminate the risk of a man-in-the-middle attack by a malicious
third party.
[0016] The present invention is made in light of the above problem,
and may provide a wireless communication apparatus, a recording
medium, and a method capable of appropriately reducing a security
risk in a wireless LAN connection setting.
SUMMARY OF THE INVENTION
[0017] According to an aspect of the present invention, a wireless
communication apparatus includes an optical wireless receiving unit
receiving a pseudo random number; an authentication code generator
generating an authentication code based on the pseudo random number
received by the optical wireless receiving unit; and a wireless
communication unit determining whether authentication using the
authentication code with a given wireless communication apparatus
is successful, and performing wireless communications with the
given wireless communication apparatus when determining that the
authentication using the authentication code with a given wireless
communication apparatus is successful.
BRIEF DESCRIPTION OF THE DRAWINGS
[0018] Other objects, features, and advantages of the present
invention will become more apparent from the following description
when read in conjunction with the accompanying drawings, in
which:
[0019] FIG. 1 is a drawing schematically showing a WPS simple setup
sequence;
[0020] FIG. 2 is a functional block diagram of a wireless
communication apparatus according to an embodiment;
[0021] FIG. 3 is a drawing showing a wireless LAN system according
to the embodiment;
[0022] FIG. 4 is a flowchart of a process performed by the wireless
communication apparatus according to the embodiment;
[0023] FIG. 5 is a drawing schematically showing a simple setup
sequence according to the embodiment; and
[0024] FIG. 6 is a drawing showing a wireless LAN system according
to another embodiment.
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
[0025] In the following, embodiments of the present invention are
described with the accompanying drawings. However, it should be
noted that the present invention is not limited to those
embodiments described below. Throughout the figures, the same
reference numerals are used to describe the same elements, and the
descriptions thereof may be omitted.
[0026] A wireless communication apparatus 100 according to an
embodiment may be referred to as a wireless communication apparatus
which is compliant with a push-button-type simple configuration
protocol. As an example of the push-button-type simple
configuration protocol, there is a "Push Button Configuration
Method" of the Wi-Fi Protected Setup (WPS) which is standardized by
IEEE 802.11.
[0027] In the following descriptions, an example is described where
the wireless communication apparatus 100 employs the "Push Button
Configuration method" (herein after simplified as "PB method") for
WPS simple configuration setup.
[0028] In WPS, in a simple configuration setup, the function to
provide "Configuration Data" which are necessary for a secure
connection is called the "Registrar" and the function to set the
provided "Configuration Data" is called the "Enrollee". Therefore,
the wireless communication apparatus 100 according to an embodiment
may include any one of the Registrar and Enrollee or both the
Registrar and Enrollee depending on the application.
[0029] Namely, the wireless communication apparatus 100 according
to the embodiment may be used (provided) as a wireless LAN base
station (access point). In this case, the wireless communication
apparatus 100 serves as the Registrar (i.e., includes (provides)
the function of the Registrar). Further, the wireless communication
apparatus 100 according to the embodiment may be used (provided) as
a wireless terminal (wireless station). In this case, the wireless
communication apparatus 100 serves as the Enrollee (i.e., includes
(provides) the function of the Enrollee).
[0030] Further, the wireless communication apparatus 100 according
to the embodiment may be used (provided) as any electronic device,
(e.g., Multi Function Peripheral (MFP), cellular phone, tablet
terminal and the like), which is compliant with the "Wi-Fi Direct"
formulated by the Wi-Fi Alliance. In this case, the wireless
communication apparatus 100 serves as both the Registrar and
Enrollee (i.e., includes (provides) the functions of the Registrar
and Enrollee), and selectively activates the functions.
[0031] FIG. 2 is a functional block diagram of the wireless
communication apparatus 100 according to an embodiment of the
present invention. As shown in FIG. 2, the wireless communication
apparatus 100 includes an optical wireless receiving device 20, a
push button 30, an RF wireless communication device 40, and a
controller 10.
[0032] The optical wireless receiving device 20 includes a light
receiving section 22 having an appropriate light receiving
device(s) such as diode(s), so as to achieve (provide) optical
wireless communications using light having a wavelength of visible
to infrared light. For example, the optical wireless receiving
device 20 may be referred to as a "data receiving device" in the
illumination light communication using an LED light.
[0033] The push button 30 herein referred to as a "push button"
used in the WPS PB method, and may be either a mechanical button
switch or a software button (in GUI).
[0034] The controller 10 includes a connection controller
(connection setting section) 12, an authentication code generator
14, a pressed button detector 16, and a fixed code storage 18.
[0035] The pressed button detector 16 detects a fact that the push
button 30 is pressed (down), and reports the detected fact to the
controller 12. In response to the report, the controller 12
controls the RF wireless communication device 40 so as to perform
data communications to share the configuration data which are
necessary for the secure connection to be established between the
wireless communication apparatus 100 and the other wireless
communication apparatus whose push button is pressed within a
predetermined time period (e.g., tens of seconds to several
minutes) which is started since the push button 30 is pressed
(hereinafter simplified as "configuration data").
[0036] When the wireless communication apparatus 100 serves (is
functioned) as the wireless LAN base station (access point), the
controller 12 serves as the Registrar, so as to provide the
configuration data to the Enrollee of the other wireless
communication apparatus via the RF wireless communication device
40.
[0037] Meanwhile, when the wireless communication apparatus 100
serves (is functioned) as the wireless terminal (wireless station),
the controller 12 serves as the Enrollee, so as to receive the
configuration data from the Registrar of the other wireless
communication apparatus via the RF wireless communication device 40
and set various communication parameters.
[0038] As described above, an example configuration of the wireless
communication apparatus 100 is described. Next, in a case of FIG.
3, a process performed by the wireless communication apparatus 100
is described with reference to a flowchart of FIG. 4. In the
following description, the functional block diagram of FIG. 2 may
be referred to when necessary.
[0039] Here, a case is described where the wireless LAN simple
setup ("PB method") is performed between the wireless communication
apparatus 100 having the Registrar function (hereinafter may be
referred to as a "Registrar 100A") and the wireless communication
apparatus 100 having the Enrollee function (hereinafter may be
referred to as an "Enrollee 100B") under an LED lighting device 200
as shown in the wireless LAN system of FIG. 3.
[0040] In the case of FIG. 3, the LED lighting device 200 serves
(is provided) as a data distribution device used in the
illumination light communication (i.e., "optical wireless
transmission unit").
[0041] To that end, the LED lighting device 200 converts a pseudo
random number (i.e., digital data), which is internally or
externally generated, into a flashing (blinking) signal having a
frequency in a range from several kHz to several hundred kHz, and
blinks on and off the LED in high speed in synchronization with the
converted flashing signal (optical wireless signal) to distribute
the pseudo random number in the room of the LED lighting device
200.
[0042] In this case, it is preferable that the distributed pseudo
random number may be updated every predetermined time interval to
reinforce the security.
[0043] The optical wireless receiving device 20 starts its
receiving operation either at the same time when the wireless
communication apparatus 100 is started or in response to the
detection that the push button 30, which is described below, is
pressed. Then, the optical wireless receiving device 20 performs WE
conversion from the flashing signal (illumination light) blinking
on and off in high speed from the LED lighting device 200 into an
electronic signal and demodulates the electronic signal to acquire
the pseudo random number (digital data).
[0044] The optical wireless receiving device 20 transmits the
acquired pseudo random number (digital data) to the authentication
code generator 14.
[0045] The authentication code generator 14 generates an
authentication code, based on the pseudo random number received
from the optical wireless receiving device 20, in accordance with a
predetermined algorithm, and stores the generated authentication
code into a temporary memory (buffer) (of the authentication code
generator 14).
[0046] Here, it should be noted that the algorithm to generate the
authentication code is not limited. Namely, for example, an
algorithm may be used in which the received pseudo random number is
directly used as the authentication code. Further, when the pseudo
random number distributed from the LED lighting device 200 is
periodically updated, the authentication code generator 14
generates (updates) new authentication code based on the updated
pseudo random number, and replaces the authentication code
currently stored in the temporary memory (buffer) by the updated
authentication code.
[0047] In the following, the authentication code stored in the
temporary memory (buffer) may be referred to as an "optical
wireless PIN code".
[0048] FIG. 4 is a flowchart of a process performed by the
controller 12 of the wireless communication apparatus 100 according
to the embodiment. At the same time when wireless communication
apparatus 100 is started up, the controller 12 also starts waiting
for detecting the fact that the push button 30 is pressed (No in
step S101).
[0049] When the fact that the push button 30 is pressed is detected
(Yes in step S101), the controller 12 establishes a temporary
connection between the wireless communication apparatus 100 and the
other wireless communication apparatus whose push button is pressed
within a predetermined time period (e.g., tens of seconds to
several minutes) which is started since the push button 30 is
pressed (step S102).
[0050] Next, in step S103, the controller 12 exchanges data
indicating which functions are supported (hereinafter may be
referred to as an "ability exchange") with the other wireless
communication apparatus which is connected from the wireless
communication apparatus 100.
[0051] Specifically, the controller 12 exchanges (receives) the
data indicating whether the other wireless communication apparatus
connected from the wireless communication apparatus 100 has a
function to generates the optical wireless PIN code.
[0052] As a result, when it is determined that the other wireless
communication apparatus connected from the wireless communication
apparatus 100 has the function to generate the optical wireless PIN
code (i.e., supports to handle the optical wireless PIN code) (Yes
in step 104), the controller 12 performs an authentication process
based on the latest optical wireless PIN code stored in the
temporary memory of the authentication code generator 14 (step
S105).
[0053] Specifically, the Enrollee 100B reads the latest optical
wireless PIN code stored in the temporary memory of the
authentication code generator 14, and transmits the latest optical
wireless PIN code to the Registrar 100A. Then, the Registrar 100A
compares the latest optical wireless PIN code received from the
Enrollee 100B with the latest optical wireless PIN code stored in
the temporary memory of the authentication code generator 14 of the
Registrar 100A, and performs authentication.
[0054] On the other hand, when it is determined that the other
wireless communication apparatus connected from the wireless
communication apparatus 100 has no function to generates the
optical wireless PIN code (i.e., the other wireless communication
apparatus does not support the handling of the optical wireless PIN
code) (No in step 104), the controller 12 performs the
authentication process based on a fixed code stored in the fixed
code storage 18 (hereinafter referred to as a "fixed PIN code")
(step S106).
[0055] Specifically, the Enrollee 100B reads the fixed PIN code
stored in the fixed code storage 18, and transmits the fixed PIN
code to the Registrar 100A. Then, the Registrar 100A compares the
fixed PIN code received from the Enrollee 100B with the fixed PIN
code stored in the fixed code storage 18 of the Registrar 100A, and
performs authentication.
[0056] As a result, when the authentication fails (NO in step
S107), the setup fails.
[0057] On the other hand, when the authentication succeeds (YES in
step S107), the process goes to step S108, a predetermined data
communication is performed to share the configuration data.
[0058] Specifically, the Registrar 100A provides (transmits) the
configuration data possessed by the Registrar 100A to the Enrollee
100B, and the Enrollee 100B sets necessary communication parameters
based on the configuration data received from the Registrar 100A.
After that, the encryption key is generated and shared, so as to
establish the secure connection.
[0059] Next, an example sequence of the simple setup performed
between the Registrar 100A and the Enrollee 100B is described with
reference to FIG. 5.
[0060] A WPS protocol sequence is divided into three main phases.
In the first phase, a temporary connection (in plain text) is
established between wireless communication apparatuses in which a
simple setup is to be performed.
[0061] In the second phase, the authentication based on the EAP-WSC
protocol and the sharing of the configuration data are performed.
In the third phase, a secured connection is established after the
encryption key is generated and shared based on the WPA
protocol.
[0062] The above second phase generally includes eight messages (M1
through M8). The messages M1 and M2 correspond to the
communications exchange to share the Diffie-Hellman key. In the
sequence of FIG. 4, the "ability exchange" is performed using the
messages N1 and M2.
[0063] In the following, the simple setup sequence performed by the
Registrar 100A and the Enrollee 100B is
Described step by step.
[0064] First, the Registrar 100A and the Enrollee 100B start
receiving the optical wireless signal at the same time when the
Registrar 100A and the Enrollee 100B, respectively, are started up
or when the fact that the respective push button 30 are pressed
(S1/S2). Then the Registrar 100A and the Enrollee 100B generate
respective optical wireless PIN codes based on the received pseudo
random number (S1.1/S2.1).
[0065] Next, the Enrollee 100B issues a probe request across a
predetermined time period after the push button 30 of the Enrollee
100B is pressed. During the predetermined time period, when the
push button 30 of the Registrar 100A is pressed and the Registrar
100A responds to the probe request, a temporary connection in plain
text is established between the Enrollee 100B which has issued the
probe request and the Registrar 100A (S3).
[0066] Next, the start of the simple setup using an EAPOL frame
format is declared (announced) (S4).
[0067] Next, the Enrollee 100B adds a flag indicating that the
Enrollee 100B has the function to generate the optical wireless PIN
code (hereinafter "optical wireless PIN code activation flag") to
the message M1 which is for transmitting the public key PK.sub.E on
the Enrollee 100B side (S5), and transmits the message M1 including
the "optical wireless PIN code activation flag" to the Registrar
100A (S6).
[0068] Further, for example, the optical wireless PIN code
activation flag may be implemented by using a vendor dedicated
extended region formulated by WPS.
[0069] The Registrar 100A having received the message M1 from the
Enrollee 100B checks the optical wireless PIN code activation flag
included in the message M1 to make sure that the Enrollee 100B
supports the optical wireless PIN code activation flag (S6.1).
[0070] Next, the Registrar 100A adds the optical wireless PIN code
activation flag to the message M2 for transmitting the public key
PK.sub.R on the Registrar 100A side (S5), and transmits the message
M2 including the optical wireless PIN code activation flag to the
Enrollee 100B (S8).
[0071] The Enrollee 100B having received the message M2 from the
Registrar 100A checks the optical wireless PIN code activation flag
included in the message M2 to make sure that the Registrar 100A
supports the optical wireless PIN code activation flag (S8.1).
[0072] After the time point when the Registrar 100A and the
Enrollee 100B determine that the Enrollee 100B and the Registrar
100A, respectively support the optical wireless PIN code activation
flag, both the Registrar 100A and Enrollee 100B perform the
authentication using the optical wireless PIN code activation flags
in place of the fixed codes stored in the respective fixed code
storages 18, and share the configuration data (S9/S10).
[0073] As described, a sequence including the "ability exchange" in
the EAP-WSC phase is described. However, the above described
sequence is an example only. Namely, for example, the "ability
exchange" may be performed using the information elements (i.e.,
"Information Entity" formulated in IEEE 802.11) before the EAP-WSC
phase. Further, it is preferable, that the "ability exchange" be
performed within a framework of the standard protocol.
[0074] As described above, according to the embodiment, as shown in
FIG. 3, the authentication may be successful only when the
Registrar 100A and Enrollee 100B are disposed within the
irradiation range of the illumination light from the LED lighting
device 200.
[0075] Also, the authentication inevitably fails when only one of
the wireless communication apparatus is outside of the irradiation
range of the illumination light from the LED lighting device 200
(e.g., in the other room). Therefore, even when a malicious third
party is able to know the timing when the push button is pressed, a
man-in-the-middle attack by the malicious third party who is in the
other room which is outside the irradiation range of the
illumination light from the LED lighting device 200 may not be
successful.
[0076] Further, in another embodiment, as shown in FIG. 6, two or
more different pseudo random numbers may be distributed from two or
more optical wireless transmission units. In the case of FIG. 6,
different pseudo random numbers ("2728" and "1506") are distributed
from two LED lighting devices 200A and 200B, respectively, mounted
on the ceiling.
[0077] Further, in this embodiment, the optical wireless receiving
device 20 includes two light receiving sections 22a and 22b having
different directivities from each other, so that the light
receiving section 22a receives the pseudo random number ("2728")
distributed from the LED lighting device 200A and the light
receiving section 22b receives the pseudo random number ("1506")
distributed from the LED lighting device 200B.
[0078] Further, the authentication code generators 14 of the
Registrar 100A and Enrollee 100B generate one authentication code
based on two different pseudo random numbers in accordance with a
predetermined algorithm.
[0079] In this embodiment, by appropriately adjusting the
directivities of the LED lighting devices 200A and 200B (i.e.,
optical wireless transmission and reception devices) and the
directivities of the optical wireless receiving devices 20, the
area where the authentication is successfully performed may be
limited to small areas. Therefore, for example, it may become
possible to respond to a request for limiting the wireless LAN
circumstance only to an area on the desk in the meeting room.
[0080] As described above, according to an embodiment of the
present invention, it may become possible to appropriately reduce
the security risk while the convenience of the push button method
is maintained.
[0081] As described above, as an embodiment, a case is described
where the LED lighting device is used as the optical wireless
transmission unit. However, it should be noted that the present
invention does not limit the type or wavelength of the light source
used in the optical wireless communications. Namely, for example,
an LED emitting infrared light may be used as the light source.
[0082] Further, the present invention is not limited to be applied
to the WPA protocol. Namely, it may not be necessary to emphasize
that the present invention may also be applied to any other simple
setup protocol employing a similar push button method.
[0083] Although the invention has been described with respect to
specific embodiments for a complete and clear disclosure, the
appended claims are not to be thus limited but are to be construed
as embodying all modifications and alternative constructions that
may occur to one skilled in the art that fairly fall within the
basic teaching herein set forth.
[0084] The functions described in the above embodiments may be
realized by a computer-readable program written in, for example, an
object-oriented language such as C, C++, C#, Java (registered
trademark) or the like. The program according to an embodiment of
the present invention may be stored in and distributed using a hard
disk drive, CD-ROM, MO, DVD, flexible disk, EEPROM, EPROM, or the
like. Further, the program may be transmitted via a network using a
format readable by other devices.
* * * * *